Link shortening service Bitly hacked, users asked to reset credentials

Link shortening service Bitly late Thursday announced it has suffered a data breach, and urged all users to reset their credentials. 

Bitly’s CEO wrote in the blogpost that they have “reasons to believe that Bitly account credentials have been compromised; specifically, users’ email addresses, encrypted passwords, API keys and OAuth tokens”.

This is really bad because it is not enough just to reset the password. Each user has actually to change all applications that were using the service using the OAuth tokens.

bitly

Even if the company assures users that they have no indication at this time that any accounts have been accessed without permission, this is no guarantee. And indeed, Bitly reset Twitter and Facebook connections. Fortunately, they can be restored with just one click.

Following are step-by-step instructions to reset your API key and OAuth token:

1) Log in to your account and click on ‘Your Settings,’ then the ‘Advanced’ tab.

2) At the bottom of the ‘Advanced’ tab, select ‘Reset’ next to ‘Legacy API key.’

3) Copy down your new API key and change it in all applications. These can include social publishers, share buttons and mobile apps.

4) Go to the ‘Profile’ tab and reset your password.

5) Disconnect and reconnect any applications that use Bitly. You can check which accounts are connected under the ‘Connected Accounts’ tab in ‘Your Settings.’

 

 

Sorin Mustaca

IT Security Expert

from Avira – TechBlog http://ift.tt/1oiOJsm
via IFTTT


© Copyright 2014 Sorin Mustaca, All rights Reserved. Written For: Sorin Mustaca on Cybersecurity

Check www.mustaca.com for the IT Consulting services I offer.
Visit www.itsecuritynews.info for latest security news in English
Besuchen Sie http://de.itsecuritynews.info für IT Sicherheits News auf Deutsch

About the Author

Sorin Mustaca

Sorin Mustaca, (ISC)2 CSSLP, CompTIA Security+ and Project+, is working since year 2000 in the IT Security industry and worked between 2003-2014 for Avira as Product Manager for the known products used by over 100 million users world-wide. Today he is an independent IT Security Consultant focusing on Cybersecurity, secure software development and security for IoT and Automotive. He is also running his personal blog Sorin Mustaca on Cybersecurity and is the author of the free eBook Improve your security .

Comments are closed.

By continuing to use the site, you agree to the use of cookies. more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.

Close